#!/usr/bin/env bash
# ota-publish.sh — Publish an OTA update to makenot.work
#
# DEPRECATED: superseded by `mnw-cli ota publish` (typed, tested, retried).
# This script also predates the SyncKit SDK-key auth field, so it no longer
# authenticates against the current server. Kept for reference only.
# See: _private/docs/meta/ota-release-runbook.md
#
# Usage:
#   ./deploy/ota-publish.sh --slug goingson --version 0.2.2 --target linux --arch x86_64 \
#       --artifact path/to/bundle.tar.gz [--notes "Bug fixes"] [--signature "..."]
#
# Environment:
#   MNW_OTA_EMAIL     — MNW account email (or set via --email)
#   MNW_OTA_PASSWORD  — MNW account password (or set via --password)
#   MNW_OTA_API_KEY   — SyncKit app API key (or set via --api-key)
#   MNW_OTA_SERVER    — Server URL (default: https://makenot.work)

# Strict mode: stop on any unhandled failure, on use of an unset variable,
# and when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Connection settings and credentials start from the environment; the
# matching command-line flags may replace them further down in the script.
SERVER=${MNW_OTA_SERVER:-https://makenot.work}
EMAIL=${MNW_OTA_EMAIL:-}
PASSWORD=${MNW_OTA_PASSWORD:-}
API_KEY=${MNW_OTA_API_KEY:-}

# Release parameters have no environment fallback and start out empty.
SLUG= VERSION= TARGET= ARCH= ARTIFACT= NOTES= SIGNATURE=

# Print the full option reference to stdout, then end the script with
# status 1. Called for -h/--help as well as for every argument error.
usage() {
    printf '%s\n' \
        "Usage: $0 --slug SLUG --version X.Y.Z --target OS --arch ARCH --artifact FILE" \
        '' \
        'Required:' \
        '  --slug        App slug (e.g. goingson, balanced-breakfast, audiofiles)' \
        '  --version     Semver version (e.g. 0.2.2)' \
        '  --target      Target OS: linux, darwin, windows' \
        '  --arch        Architecture: x86_64, aarch64' \
        '  --artifact    Path to the built artifact file' \
        '' \
        'Optional:' \
        '  --notes       Release notes (default: empty)' \
        '  --signature   Minisign signature for Tauri verification' \
        '  --email       MNW account email (overrides MNW_OTA_EMAIL)' \
        '  --password    MNW account password (overrides MNW_OTA_PASSWORD)' \
        '  --api-key     SyncKit API key (overrides MNW_OTA_API_KEY)' \
        '  --server      Server URL (overrides MNW_OTA_SERVER)' \
        '' \
        'Environment variables: MNW_OTA_EMAIL, MNW_OTA_PASSWORD, MNW_OTA_API_KEY, MNW_OTA_SERVER'
    exit 1
}

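# Parse command-line options; a flag given here replaces the matching
# MNW_OTA_* environment default.
# NOTE: values passed with --password / --api-key are visible in the process
# list and usually end up in shell history; prefer MNW_OTA_PASSWORD and
# MNW_OTA_API_KEY on shared or CI hosts.
while [[ $# -gt 0 ]]; do
    case "$1" in
        -h|--help)
            usage
            ;;
        --slug|--version|--target|--arch|--artifact|--notes|--signature|--email|--password|--api-key|--server)
            # Without this guard a trailing flag expands an unset $2 and the
            # script dies under `set -u` with a bare "unbound variable" error.
            if [[ $# -lt 2 ]]; then
                echo "Error: $1 requires a value" >&2
                usage
            fi
            case "$1" in
                --slug)      SLUG="$2" ;;
                --version)   VERSION="$2" ;;
                --target)    TARGET="$2" ;;
                --arch)      ARCH="$2" ;;
                --artifact)  ARTIFACT="$2" ;;
                --notes)     NOTES="$2" ;;
                --signature) SIGNATURE="$2" ;;
                --email)     EMAIL="$2" ;;
                --password)  PASSWORD="$2" ;;
                --api-key)   API_KEY="$2" ;;
                --server)    SERVER="$2" ;;
            esac
            shift 2
            ;;
        *)
            echo "Unknown option: $1" >&2
            usage
            ;;
    esac
done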

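# Validate required args. Diagnostics go to stderr; usage() ends the script.
[[ -z "$SLUG" ]] && { echo "Error: --slug required" >&2; usage; }
[[ -z "$VERSION" ]] && { echo "Error: --version required" >&2; usage; }
[[ -z "$TARGET" ]] && { echo "Error: --target required" >&2; usage; }
[[ -z "$ARCH" ]] && { echo "Error: --arch required" >&2; usage; }
[[ -z "$ARTIFACT" ]] && { echo "Error: --artifact required" >&2; usage; }
[[ -z "$EMAIL" ]] && { echo "Error: MNW_OTA_EMAIL or --email required" >&2; usage; }
[[ -z "$PASSWORD" ]] && { echo "Error: MNW_OTA_PASSWORD or --password required" >&2; usage; }
[[ -z "$API_KEY" ]] && { echo "Error: MNW_OTA_API_KEY or --api-key required" >&2; usage; }

# SLUG, VERSION, TARGET and ARCH are spliced into request URL paths later in
# the script, so restrict them to characters that cannot add a path segment,
# a query string or a quote. '+' is allowed for semver build metadata.
SAFE_VALUE_RE='^[A-Za-z0-9._+-]+$'
for checked in "--slug:$SLUG" "--version:$VERSION" "--target:$TARGET" "--arch:$ARCH"; do
    if [[ ! "${checked#*:}" =~ $SAFE_VALUE_RE ]]; then
        echo "Error: ${checked%%:*} may only contain letters, digits and . _ + - (got: ${checked#*:})" >&2
        exit 1
    fi
done

[[ ! -f "$ARTIFACT" ]] && { echo "Error: artifact file not found: $ARTIFACT" >&2; exit 1; }

# The login request carries the account password and API key, and later
# requests carry the bearer token; over plain http:// all of them are readable
# on the wire. Only a warning, so a local test server still works.
if [[ "$SERVER" != https://* ]]; then
    echo "Warning: $SERVER is not an https:// URL; credentials and the bearer token will be sent unencrypted" >&2
fi

# --signature is optional, and an empty value is sent to the server as-is.
if [[ -z "$SIGNATURE" ]]; then
    echo "Warning: no --signature given; this release will be published with an empty signature" >&2
fi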

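# Size of the artifact in bytes. The BSD/macOS spelling (-f%z) is tried first
# and the GNU spelling (-c%s) is the fallback. Both have stderr silenced, so
# report the failure here instead of letting `set -e` end the script silently.
if ! FILE_SIZE=$(stat -f%z "$ARTIFACT" 2>/dev/null || stat -c%s "$ARTIFACT" 2>/dev/null); then
    echo "Error: could not determine the size of $ARTIFACT" >&2
    exit 1
fi
# The size is later written into a JSON request body as a bare number, so
# accept nothing but a plain decimal integer.
if [[ ! "$FILE_SIZE" =~ ^[0-9]+$ ]]; then
    echo "Error: unexpected size value for $ARTIFACT: $FILE_SIZE" >&2
    exit 1
fi
echo "Publishing OTA update: $SLUG v$VERSION ($TARGET/$ARCH, ${FILE_SIZE} bytes)"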

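# Step 1: Authenticate
echo "  Authenticating..."
# Build the login body with a JSON encoder instead of string interpolation, so
# a quote or backslash in a credential cannot break or alter the document.
# The three values travel NUL-separated over stdin (printf is a shell builtin),
# which keeps them out of every process's argument list.
AUTH_BODY=$(printf '%s\0' "$EMAIL" "$PASSWORD" "$API_KEY" | python3 -c '
import json, sys
fields = sys.stdin.buffer.read().decode("utf-8").split("\0")
email, password, api_key = fields[:3]
sys.stdout.write(json.dumps({"email": email, "password": password, "api_key": api_key}))
')

# `--data-binary @-` makes curl read the body from stdin rather than argv.
# -S keeps curl quiet on success but lets it print the reason for a failure.
if ! AUTH_RESPONSE=$(printf '%s' "$AUTH_BODY" | curl -sSf -X POST "$SERVER/api/sync/auth" \
        -H "Content-Type: application/json" \
        --data-binary @-); then
    echo "Error: authentication request to $SERVER failed" >&2
    exit 1
fi

# Pull the session token and app id out of the JSON response. The token is
# never echoed; only the app id is shown to the operator.
TOKEN=$(printf '%s' "$AUTH_RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])")
APP_ID=$(printf '%s' "$AUTH_RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin)['app_id'])")
echo "  Authenticated (app: $APP_ID)"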

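# Step 2: Create release
echo "  Creating release v$VERSION..."
# json.dumps does the escaping, so release notes may contain quotes/newlines.
RELEASE_BODY=$(python3 -c "import json,sys; print(json.dumps({'version':sys.argv[1],'notes':sys.argv[2],'signature':sys.argv[3]}))" "$VERSION" "$NOTES" "$SIGNATURE")
# The bearer token is handed to curl as a header file on a process
# substitution (`-H @file`, curl 7.55.0 or newer) so it does not show up in
# curl's argument list. -S lets curl print the reason when the request fails.
if ! RELEASE_RESPONSE=$(curl -sSf -X POST "$SERVER/api/sync/ota/apps/$APP_ID/releases" \
        -H "Content-Type: application/json" \
        -H @<(printf 'Authorization: Bearer %s\n' "$TOKEN") \
        -d "$RELEASE_BODY"); then
    echo "Error: creating release v$VERSION failed" >&2
    exit 1
fi

# The server's id for the new release is needed for the artifact request.
RELEASE_ID=$(printf '%s' "$RELEASE_RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])")
echo "  Release created: $RELEASE_ID"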

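# Step 3: Register artifact and get presigned upload URL
echo "  Registering artifact ($TARGET/$ARCH, $FILE_SIZE bytes)..."
# Encode the body with json.dumps, as the release body is, instead of a printf
# template: string values are escaped and file_size must parse as an integer.
ARTIFACT_BODY=$(python3 -c "import json,sys; print(json.dumps({'target':sys.argv[1],'arch':sys.argv[2],'file_size':int(sys.argv[3])}))" "$TARGET" "$ARCH" "$FILE_SIZE")
# The bearer token goes to curl as a header file on a process substitution
# (`-H @file`, curl 7.55.0 or newer) so it stays out of curl's argument list.
if ! ARTIFACT_RESPONSE=$(curl -sSf -X POST "$SERVER/api/sync/ota/apps/$APP_ID/releases/$RELEASE_ID/artifacts" \
        -H "Content-Type: application/json" \
        -H @<(printf 'Authorization: Bearer %s\n' "$TOKEN") \
        -d "$ARTIFACT_BODY"); then
    echo "Error: registering the $TARGET/$ARCH artifact for release $RELEASE_ID failed" >&2
    exit 1
fi

# The upload URL is taken from the server response as-is. It is not printed,
# since a presigned URL is itself a credential for the upload.
UPLOAD_URL=$(printf '%s' "$ARTIFACT_RESPONSE" | python3 -c "import sys,json; print(json.load(sys.stdin)['upload_url'])")
echo "  Got presigned upload URL"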

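# Step 4: Upload artifact to S3
echo "  Uploading artifact..."
# The destination comes from the server's response and is used unmodified.
# Flag a non-TLS destination, since the bundle would then travel in the clear.
if [[ "$UPLOAD_URL" != https://* ]]; then
    echo "Warning: upload URL is not https://; the artifact will be sent unencrypted" >&2
fi
# By this point the release record already exists on the server, so a failed
# upload must not end the script silently: say what state was left behind.
if ! curl -sSf -X PUT "$UPLOAD_URL" \
        -H "Content-Type: application/octet-stream" \
        --data-binary "@$ARTIFACT"; then
    echo "Error: artifact upload failed; release $RELEASE_ID exists but has no uploaded artifact" >&2
    exit 1
fi
echo "  Upload complete"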

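# Step 5: Verify updater endpoint
echo "  Verifying updater endpoint..."
# Best-effort check that queries the updater as a client on version 0.0.1.
# The upload has already succeeded, so a curl failure here (no connection,
# timeout) must not abort under `set -e`; `|| true` lets the warning branch
# report it. curl normally still writes a status of 000 in that case.
HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
    "$SERVER/api/sync/ota/$SLUG/$TARGET/$ARCH/0.0.1") || true
HTTP_CODE=${HTTP_CODE:-000}

# NOTE(review): a 200 only shows that the endpoint answers this query; the
# response body is discarded, so the offered version is not compared with
# $VERSION here.
if [[ "$HTTP_CODE" == "200" ]]; then
    echo "  Updater check returns 200 — update is live"
else
    echo "  Warning: updater check returned $HTTP_CODE (expected 200)" >&2
    echo "  The release was created but the updater endpoint may not be serving it yet." >&2
fi

echo ""
echo "Published: $SLUG v$VERSION ($TARGET/$ARCH)"
echo "Updater URL: $SERVER/api/sync/ota/$SLUG/$TARGET/$ARCH/$VERSION"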
